IETF94 M2M Authentication
2015.12.8 ID
kura
ID /
OpenID ISOC-JP
ID
@kura_lab
SEC area
1. ace WG
2. cose WG
3. tokbind WG
4. oauth WG
ART area
1. core WG
ace WG (SEC)
Actors in the ACE Architecture
https://www.ietf.org/proceedings/94/slides/slides-94-ace-2.pdf
Single-Domain with Single AS / Cross-Domain with single AS
ace WG (SEC)
ACE Solutions
https://www.ietf.org/proceedings/94/slides/slides-94-ace-6.pdf
draft-cuellar-ace-solutions-00
PAT Tokens (Privacy-Enhanced-Authorization-Tokens)
https://www.ietf.org/proceedings/94/slides/slides-94-ace-5.pdf
ace WG (SEC)
Delegated Authenticated Authorization Framework (DCAF)
https://www.ietf.org/proceedings/94/slides/slides-94-ace-3.pdf
DTLS
ace WG (SEC)
Authorization using OAuth 2.0
https://www.ietf.org/proceedings/94/slides/slides-94-ace-1.pdf
ACRE (ace-core-authz) OAuth (ace-oauth-iot/introspection) draft
DCAF vs OAuth
ace WG (SEC)
1. draft
OAuth - 20% / DCAF -
2.
OAuth - 3 / DCAF - 1
ace WG (SEC)
3. 12
1- 12 / 2 - 2 / 10
4. ?
DCAF - 0 / OAuth - 1/2
ace WG (SEC)
Using DCAF With CBOR Encoded Message Syntax
https://www.ietf.org/proceedings/94/slides/slides-94-ace-4.pdf
cose WG (SEC)
Object Security of CoAP
https://www.ietf.org/proceedings/94/slides/slides-94-cose-1.pdf
COSE HMAC-SHA256/ECDSA with 64 bytes signature
COSE Message Issues
https://www.ietf.org/proceedings/94/slides/slides-94-cose-2.pdf
COSE RSA 1.5 MIME Type
issues https://github.com/cose-wg/cose-issues/issues
tokbind WG (SEC)
Token Binding for HTTPS
draft-ietf-tokbind-https-02
tls_unique Exported Key Material (EKM)
Sensitivity of the Token-Binding Header
Securing Federated Sign-On Protocols
LC
tokbind WG (SEC)
Token Binding Protocol & TLS Extension
draft-ietf-tokbind-protocol-03
draft-ietf-tokbind-negotiation-01
tls_unique Exported Key Material (EKM)
rsa2048_pkcs1.5_sha256 rsa2048_pkcs1.5
oauth WG (SEC)
Status Update
PoP Architecture / PoP Key Semantics / IEST
OAuth 2.0 JWT Authorization Request
Request Object URI
PoP Key Distribution / Token Endpoint / aud
oauth WG (SEC)
Proof-of-Possession Key Distribution
Refresh Token
Confidential client ID/Client Secret PoP
Public client PKCE (Proof Key for Code Exchange)
oauth WG (SEC)
HTTP Signing
HTTP Signature PoP token
JSON JWS Authorization
Token Exchange
IETF93@
oauth WG (SEC)
Rechartering
OAuth 2.0 for Native Apps
OpenID Foundation SSO
16 for doing the work / 0 against / 2 need more info
Security Extensions & Fixes
asymmetric PKCE extension, token binding for refresh tokens and post message response mode to replace fragment.
17 for / 0 against / 0 need more info
oauth WG (SEC)
Rechartering
API Management
User-Managed Access (UMA)
6 for / zero against / 9 need more information
JWT Claims
draft-jones-oauth-amr-values draft JWT Claims
9 for / zero against / 6 need more information
oauth WG (SEC)
Rechartering
Device Flow
Facebook Google tvOS OAuth 2.0
16 for / zero against / 2 need more information
Discovery (OAuth Meta)
OAuth URL
19 for / zero against / 4 need more information
core WG (ART)
CoRE Resource Directory
draft-ietf-core-resource-directory-05.txt
Resource Directory (RD) M2M
core WG (ART)
A TCP and TLS Transport for the Constrained Application Protocol (CoAP)
draft-tschofenig-core-coap-tcp-tls-04.txt
CoAP over TCP / CoAP over TLS
core WG (ART)
Reusable Interface Definitions for Constrained RESTful Environments
draft-ietf-core-interfaces-04.txt
Content-Formats / Links / Collection Types / Binding methods (Polling/Observe/Push) / Interface
core WG (ART)
Media Types for Sensor Markup Language (SenML)
draft-jennings-core-senml-02.txt
HTTP CoAP JSON CBOR XML EXI
core WG (ART)
CoAP Management Interface (COMI)
draft-vanderstok-core-comi-08.txt
CoAP RESTCONF/YANG CBOR
core WG (ART)
Patch Method for Constrained Application Protocol (CoAP)
draft-vanderstok-core-patch-02.txt
CoAP PUT method
CoAP method PATCH iPATCH
core WG (ART)
CoAP FETCH Method
draft-bormann-core-coap-fetch-00.txt
CoAP method FETCH
Constrained Objects Language
draft-veillette-core-cool-00
core WG (ART)
Publish-Subscribe Broker for the Constrained Application Protocol (CoAP)
draft-koster-core-coap-pubsub-03
CoAP Pub/Sub broker
SEC area
1. ace WG
OAuth
2. cose WG
JOSE issue
3. tokbind WG
tls_unique EKM
4. oauth WG
PoP
ART area
1. core WG
method Pub/Sub broker draft